
XorBot Evolves with Advanced Evasion Strategies, Targets IoT

A resurgence of the XorBot botnet was detected by NSFOCUS, which has been identified as a powerful threat to Internet of Things (IoT) devices across the world. XorBot was first discovered in late 2023; since then, it has evolved significantly, gaining advanced anti-detection mechanisms as well as a wider array of exploits and methods from which to sneak past detection. 

Cybersecurity defenders are now faced with a new challenge, especially in light of the latest version, version 1.04. The XorBot has consistently proven its ability to adapt and evade detection since it was first introduced in 2009. "XorBot is unequivocally one of the biggest threats to the security of the Internet of Things (IoT)," NSFOCUS reports. 

It targets devices such as Intelbras cameras and routers from TP-Link and D-Link, as well as a variety of other internet-connected devices. The botnet currently has up to 12 exploit methods at its disposal, and it has grown to control a significant number of devices over the years. XorBot is particularly known for propagating by exploiting vulnerabilities in IoT devices. It has been confirmed by Thawte that one of the threat actor groups, Matrix, has been linked to a widespread distributed denial-of-service (DDoS) campaign which exploits Internet of Things (IoT) devices that are vulnerable or misconfigured. 

The devices involved in this operation, including IP cameras, routers and telecom equipment, have been co-opted into a botnet for purposes of launching disruptive attacks against a network. It appears that the campaign is primarily targeting IP addresses related to China and Japan, with a lesser degree of activity present in other regions including Argentina, Brazil, and the United States. Interestingly, Ukraine has not been targeted. This suggests that the campaign is being launched for financial reasons, not for political reasons. 

As part of its attacks, Matrix exploits known vulnerabilities in internet-connected devices by making use of publicly available tools and scripts, including those found on platforms such as GitHub. A variety of internet-connected devices, such as IP cameras, DVRs, routers, and telecommunication equipment, are vulnerable to attack chains that combine known security flaws with default or weak credentials, giving adversaries access to a wide range of devices. 

Besides misconfigured Telnet, SSH, and Hadoop servers, this threat actor has also been observed targeting IP addresses that belong to cloud service provider (CSP) address ranges such as Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform, as well as rival cloud services, to name a few. The malicious activity relies on a large number of publicly available scripts and tools, which are ultimately used to deploy the Mirai botnet malware and other DDoS-related programs on compromised devices and servers. 

The toolkit includes PYbot, Pynet, DiscordGo, Homo Network, a JavaScript program that implements a flood attack over HTTP/HTTPS, and a tool that disables Microsoft Defender Antivirus on Windows machines. Moreover, this botnet monopolizes resources on infected devices, setting the /tmp directory read-only so that no other malware can compromise the same device. 

The operators of XorBot have taken a new focus on profitability. They openly advertise distributed denial of service (DDoS) attacks as a service under the name Masjesu Botnet, an alias for XorBot. According to NSFOCUS, Telegram has become a central platform for recruiting customers and promoting services, as well as providing a foundation for further botnet growth and expansion. This botnet, which relies on advanced evasion techniques to avoid detection, poses a significant threat to cybersecurity efforts. 

As part of its anti-tracking design, it connects to its control servers passively, without sending identifiers such as IP addresses, which prevents automated tracking systems from being set up against it: the bot waits for instructions and responds to tracking attempts with random data to obscure them. In addition, the malware uses code obfuscation to further impede detection, embedding redundant code and concealing its signatures so that static analysis is ineffective. 

In addition, XorBot implements a unique communication mechanism that minimizes its visibility on the network, making it stealthier. These sophisticated tactics make it evident that the botnet has evolved rapidly and that the Internet of Things faces a growing number of threats. The NSFOCUS report notes that botnet operators invest heavily in anti-detection and anti-tracking techniques, making it significantly more difficult for defence mechanisms to counter them.

Zero Trust Endpoint Security: The Future of Cyber Resilience

The evolution of cybersecurity has moved far beyond traditional antivirus software, which once served as the primary line of defense against online threats. Endpoint Detection and Response (EDR) tools emerged as a solution to combat the limitations of antivirus programs, particularly in addressing advanced threats like malware. However, even EDR tools have significant weaknesses, as they often detect threats only after they have infiltrated a system. The need for a proactive, zero trust endpoint security solution has become more evident to combat evolving cyber threats effectively. 

Traditional antivirus software struggled to keep up with the rapid creation and distribution of new malware. As a result, EDR tools were developed to identify malicious activity based on behavior rather than known code signatures. These tools have since been enhanced with artificial intelligence (AI) for improved accuracy, automated incident responses to mitigate damage promptly, and managed detection services for expert oversight. Despite these advancements, EDR solutions still act only after malware is active, potentially allowing significant harm before mitigation occurs. 

Cybercriminals now use sophisticated techniques, including AI-driven malware, to bypass detection systems. Traditional EDR tools often fail to recognize such threats until they are running within an environment. This reactive approach highlights a critical flaw: the inability to prevent attacks before they execute. Consequently, organizations are increasingly adopting zero trust security strategies, emphasizing proactive measures to block unauthorized actions entirely. Zero trust endpoint security enforces strict controls across applications, user access, data, and network traffic. 

Unlike blocklisting, which permits all actions except those explicitly banned, application allowlisting ensures that only pre-approved software can operate within a system. This approach prevents both known and unknown threats from executing, offering a more robust defense against ransomware and other cyberattacks. ThreatLocker exemplifies a zero trust security platform designed to address these gaps. Its proactive tools, including application allowlisting, ringfencing to limit software privileges, and storage control to secure sensitive data, provide comprehensive protection. 

ThreatLocker Detect enhances this approach by alerting organizations to indicators of compromise, ensuring swift responses to emerging threats. A recent case study highlights the efficacy of ThreatLocker’s solutions. In January 2024, a ransomware gang attempted to breach a hospital’s network using stolen credentials. ThreatLocker’s allowlisting feature blocked the attackers from executing unauthorized software, while storage controls prevented data theft. Despite gaining initial access, the cybercriminals were unable to carry out their attack due to ThreatLocker’s proactive defenses. 

As cyber threats become more sophisticated, relying solely on detection-based tools like EDR is no longer sufficient. Proactive measures, such as those provided by ThreatLocker, represent the future of endpoint security, ensuring that organizations can prevent attacks before they occur and maintain robust defenses against evolving cyber risks.

Australia's New Cyber Law Combats Emerging Threats

A new Cyber Security Act has been passed into law by the Australian government, which should be considered a very important step in the mission to protect Australians from threats posed by cyberspace. Having adopted this package, Australia will gain a cohesive legislative toolbox allowing the country to move forward with clarity and confidence in an ever-evolving cyber landscape. Specifically, the Cyber Security Act enacts seven initiatives, first described in the Cyber Security Strategy, that will strengthen cyber security. 

A ransomware attack, also known as a crypto locker, remains one of the most common forms of cyberattack, and such attacks are particularly dangerous because they can have such powerful effects. By 2031, it is estimated that the total cost of ransomware damage worldwide will exceed $265 billion. Organizations from the smallest to the largest are vulnerable to these attacks.

In an attack on Indonesia, a hacking group infected critical systems at a national data centre in July, taking over 230 government agencies and services down for about a week. During the past week, after the passing of Australia's first-ever Cyber Security Act, various measures have been introduced to improve the nation's defences. 

A key provision of this legislation is that organizations are required to inform the government if they pay ransomware criminals - a practice that has become increasingly common across the globe in recent years. The Cyber Security Act 2013 is implemented under the Australia 2023-2030 Cyber Security Strategy. According to that policy, Australia aims to reposition itself as a leader in cyber resilience through several steps in the law, including the creation of a National Cyber Security Coordinator to coordinate a cohesive national response to cyber incidents. 

Australia's Cyber Security Minister Tony Burke made a statement in a media release regarding the Act, saying that it was "the cornerstone of the mission to protect Australians from cyber threats" and that "it forms a cohesive legislative toolbox which will enable Australia in the face of a rapidly evolving cyber landscape to move forward with clarity and confidence." 

As a result, experts have strongly urged IT leaders to update their cyber security incident response plans to take the legislative changes into consideration. Should a cyber security attack or crisis occur, organizations will need to communicate with the government in new ways. A major change that directly affects Australian organizations is the introduction of a mandatory reporting requirement for ransomware payments, as well as a new voluntary reporting regime for cyber incidents, which is intended to become mandatory over time. 

There will be an obligation for organizations of a certain size to report ransomware payments to the government. According to the local law firm Corrs Chambers Westgarth, although the size threshold hasn't been determined, the mandate is expected to apply to businesses with a sales turnover of more than AUD 3 million when it becomes effective. A report stating that a ransomware payment was made must be submitted to the Department of Home Affairs and the Australian Signals Directorate within 72 hours.

Corrs told The Australian Financial Review that if organizations fail to report these payments, they could face a civil penalty of AUD 93,900, according to its current figures. The report notes that despite the new mandate, the government's policy remains unchanged: organizations should not pay ransoms. In the government's view, paying ransoms to cyber-crime gangs only helps them keep their business model and operations viable - and there is no guarantee that organizations will get their data back or keep it private from other parties. 

The new Act also enacts a framework for the voluntary reporting of cyber incidents, which is a welcome development. When an organisation suffers a cyberattack, the measure aims to encourage freer information sharing at times when there is a risk of harm to other parties in the public and private sectors, and to the wider community, so that all of them benefit.

The NCSC oversees the system, and any organization doing business in Australia can report incidents to it with the understanding that it is protected, to a degree, by a "limited use" obligation, which limits what the NCSC can do with the information it receives. For example, when a significant cyber security incident is reported, the NCSC may still use the information for a range of purposes under the law, such as preventing or mitigating threats to critical infrastructure and national security, and supporting intelligence or law enforcement agencies, according to Corrs. 

As a result of the new regulatory obligations, organizations will have to adjust their plans to ensure compliance. CISOs and security teams will be vital in incorporating these changes into future cyber security tabletop exercises. According to Corrs, the trigger for a company to report a ransomware payment to the authorities is the payment itself rather than the receipt of a ransom demand.

In addition, this will have an impact on both how organizations manage these cyber decisions and how they choose to communicate them to their stakeholders. Those organisations that are classified as critical infrastructure companies under Australian privacy laws and the SOCI Act may also be required to report on an overlapping basis and within different timelines. In addition to that, if they are listed on the Australian Stock Exchange, they will be required to make continuous disclosures.

Fastest Supercomputer Advances Manhattan Project Simulations

Over the last few decades, the cryptocurrency industry has feared the day when computers will be capable of cracking blockchains and taking down networks like Bitcoin and Ethereum. That day may be closer than many think, but even at the current speeds of supercomputers, only quantum computers could possess such a capability. 

Scientists from Lawrence Livermore National Laboratory have announced that their latest supercomputer, El Capitan, can complete 2.79 quadrillion calculations in one second, making it the fastest supercomputer in the world. To grasp the magnitude, that is 2.79 followed by 15 zeroes. To put El Capitan's performance into perspective, more than a million iPhones or iPads would need to be working on one calculation at the same time to equal what El Capitan does in a second, according to Jeremy Thomas of the Lawrence Livermore National Laboratory. 

"That stack of phones is over five miles high. That is an enormous amount of phones." The announcement was made on Monday at the annual SC Conference in Atlanta, Georgia, a conference that focuses on high-performance computing and its very latest developments. El Capitan has been named among the top 100 in the Top 500 Project's bi-annual list of the 500 most powerful supercomputers in the world. 

Lawrence Livermore National Laboratory, which is located in Livermore, California, developed El Capitan in collaboration with Hewlett-Packard Enterprise, AMD and the Department of Energy, among other companies. Obviously, supercomputers are geared towards running complex tasks such as simulations, artificial intelligence development, research, and development while operating at much higher speeds than an average computer, as the name implies. 

A computer such as El Capitan is capable of performing 2.7 quadrillion operations per second, up to 5.4 million times faster than the average home computer, which performs a few operations a second. Thomas compared the computational power of El Capitan to a staggering human effort, estimating that it would take the combined work of over 8 billion people working simultaneously for eight years to achieve what El Capitan accomplishes in a single second. 

The extraordinary capabilities of El Capitan have sparked discussions about its potential implications for industries reliant on robust cryptographic systems, particularly blockchain technology. The blockchain ecosystem, which depends heavily on secure encryption methods, has raised concerns about whether such a powerful machine could undermine its foundational security principles. 

Despite these apprehensions, experts in blockchain encryption have reassured that the fears are largely unfounded. Yannik Schrade, CEO and co-founder of Arcium explained to Decrypt that overcoming the security of blockchain systems would require an overwhelming computational feat. “An attacker would need to brute-force every possible private key,” Schrade noted. 

To put it into perspective, with a private key length of 256 bits, an attacker attempting to compromise transactions would need to exhaustively test all 256-bit key combinations. This level of computation, even with the power of El Capitan, remains practically unachievable within a reasonable timeframe, reaffirming the resilience of blockchain cryptographic systems against potential threats from even the most advanced technologies. 
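To put a number on that argument, here is a worked calculation added to this post (not part of the original article or of Schrade's remarks), taking the article's figure of 2.79 quadrillion calculations per second and assuming, generously, that every calculation tests one candidate key:

\[
\begin{aligned}
N &= 2^{256} \approx 1.16 \times 10^{77} \quad \text{(candidate 256-bit private keys)} \\
t &= \frac{N}{2.79 \times 10^{15}\ \text{keys/s}} \approx 4.15 \times 10^{61}\ \text{s} \\
  &\approx \frac{4.15 \times 10^{61}\ \text{s}}{3.16 \times 10^{7}\ \text{s/year}} \approx 1.3 \times 10^{54}\ \text{years}
\end{aligned}
\]

Even a billion machines of that class running in parallel would only bring this down to about 10^45 years, against an age of the universe of roughly 1.4 × 10^10 years; counting only the expected time to success (half the key space) changes nothing.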

These insights emphasize the sophistication and continued reliability of cryptographic standards in safeguarding blockchain security, even as computational technologies advance to unprecedented levels.

Data Privacy Issue Emerges on Popular Military Dating App

In the course of exploring the Internet, it was discovered that the general public may access an online database belonging to Forces Penpals, a platform that caters to armed forces personnel from the US and UK. A cybersecurity researcher, Jeremiah Fowler, discovered and reported a leak of an unsecured database to vpnMentor. This exposed over 1.1 million sensitive records, such as images of users and proof of service documents, raising privacy and security concerns among military members and supporters alike. 

An independent cybersecurity researcher has discovered a publicly exposed database belonging to a popular dating app that contained user data not encrypted or protected by a password, making it a potential threat to service members today. According to Jeremiah Fowler of vpnMentor, nearly 1.2 million U.S. and UK military personnel using Forces Penpals, a social networking site and dating service, had their personal information compromised. 

The concern is not just the raw count of 1.2 million people whose data was accessible. No date range is given for how long the database was exposed, nor is it known whether any unauthorized individuals accessed the information. Fowler notified Forces Penpals, which has since restricted public access to the website. The platform, which launched in 2002 as a letter-writing service for the British military, has since grown to be used by service members from the U.S. and UK. 

However, the platform contains sensitive information about individual service members, including their details and addresses. He found that the data he encountered during his research included images of users and copies of sensitive proof of service documents that contained names, addresses, Social Security numbers, and National Insurance Numbers of individuals from the UK. 

At the time of discovery, the publicly available database had neither password protection nor encryption. It contained 1,187,296 documents in total. Based on a limited sampling, the vast majority of the documents appear to be images uploaded by users, while some are potentially sensitive proofs of service. These documents contained full names (first, middle and last), postal addresses, Social Security Numbers (US), National Insurance Numbers and Service Numbers (UK), as well as personal details such as addresses and telephone numbers. 

The records also held other sensitive data, such as ranks, branches of service, dates, locations, and further details that should never have been accessible to the general public. Upon further investigation, the records turned out to be associated with Forces Penpals, a dating service and social networking community for military service members and their family members. Public access to the database was restricted two days after responsible disclosure. 

Consider the possibility that the United States or the United Kingdom enact a member verification system in the future. Fowler's report mentions that most of the documents were images of individuals, but a portion of those images were also of highly sensitive records related to military activities. Fowler added that "from a technical standpoint, there is no way of filtering through and searching text in images to determine the exact number."

Following Fowler's discovery, Forces Penpals was promptly sent a responsible disclosure notice, and public access to the database was restricted on the same day. Forces Penpals acknowledged the issue and explained that it was caused by a coding error which misrouted documents to an insecure storage directory. The photos being public is not an issue in itself, as they are already public, but the documents being public is. 

The extent of the database exposure, its duration, and whether unauthorized parties accessed the information all remain unclear. A forensic audit would be required to determine the extent of the breach and identify any suspicious activity. This incident makes clear that inadequate cybersecurity measures pose a serious risk to sensitive information, especially on platforms that handle it.

There has been an exponential increase in cyberattacks targeted at military personnel and allied organizations over the past few years, illustrating that the threat landscape is rapidly changing. According to the FBI, in October 2024, a hacking group that was linked to Russian intelligence tried to infiltrate systems including those belonging to Western think tanks, journalists, and former military officials, which illustrated the real-world dangers of data exposure and potential exploits in the future. 

Even though no evidence has been found to suggest that Forces Penpals users were specifically targeted as a result of the breach, this incident is nonetheless an important lesson for organizations that handle personal and sensitive data. Security expert Fowler stresses the importance of establishing robust measures to keep information safe and secure. 

It is highly recommended to implement enhanced access controls and multi-factor authentication, separate sensitive data by segmenting it, conduct regular security audits and penetration testing, and develop comprehensive incident response plans that will help address breaches as quickly as possible.

North Korea Implicated in $50M Upbit Cyber Heist

According to South Korean investigators, the Upbit cryptocurrency heist that resulted in the theft of $50 million worth of Ethereum in 2019 was carried out by North Korean hacker groups Lazarus and Andariel, which are related to the Reconnaissance General Bureau, the leading intelligence organization within the DPRK. There are three months left until the 5th anniversary of the attack on Upbit, one of the world's leading crypto exchanges in South Korea. 

An amount of 342,000 Ethereum, valued at approximately $147 per ether, was stolen from the exchange's hot wallet during the incident. Taking into account the current exchange rate, the stolen stash would have been worth around 1.47 trillion won today, or about $1.04 billion. A hot wallet, which is constantly connected to the internet as part of its operational function, is more at risk of cyberattacks than cold wallets because of this connection. 

To evade detection, hackers frequently spread stolen assets across multiple blockchain wallets, a common method of obscuring the trail. Withdrawals and deposits were immediately suspended, the exchange's remaining funds were secured, and users were reassured that they would receive full compensation for their losses from the company. 

A recent Upbit hack has highlighted the important role that international collaboration plays in reducing state-sponsored cybercrime in the cryptocurrency sector and addressing the issue at hand. The government, industry leaders, and cybersecurity firms need to get together and establish a global framework for the protection of digital assets and the pursuit of those who seek to harm them. 

In the summer of 2018, hackers successfully infiltrated Upbit's hot wallet and transferred approximately 342,000 ETH (at the time worth 8.5 billion won or around USD 7 million) to a wallet under their control. In the wake of this breach, the security of centralized exchanges and the protocols they use to protect their users' digital assets was immediately raised as a concern. Despite their convenience for instant transactions, hot wallets are more vulnerable to cyberattacks because they are connected to the Internet. 

The incident at Upbit made it apparent how dangerous these storage solutions can be in the long run. Upbit responded swiftly on discovering the hack, moving the remaining user funds to cold wallets, offline storage solutions that are considerably more difficult to breach. This proactive action prevented further losses and demonstrated that the exchange was prepared for situations like this. 

Upbit took steps to protect its users from further loss as soon as the breach was detected, providing a detailed account of the extent of the loss and the steps being taken to resolve the matter. Maintaining transparency during the crisis was necessary to keep users' trust. Several investigative agencies, including the National Intelligence Service (NIS) of South Korea and other intelligence agencies, have confirmed after an extensive investigation that North Korea was involved in the attack. 

It appears that the hackers infiltrated Upbit's systems using sophisticated phishing tactics, social engineering, and advanced malware techniques to compromise its sensitive data. The Lazarus Group, also known as LG Group, is one of the most infamous cybercrime groups linked to North Korea. With at least ten years of cyber experience, the group has gained notoriety for a wide array of activities, including hacking, data theft, and espionage. 

To circumvent international sanctions, it is believed that this group is financing North Korea's nuclear and weapons programs through the activities it performs. There is a strong suspicion that the breach was caused by North Korea's Lazarus Group, which is notorious for its cyber espionage and financial theft operations. One of the most high-profile attacks in recent months has been the WannaCry ransomware attack in 2017 and the Bangladesh Bank heist in 2016. 

The group has been linked to several high-profile hacking attacks. Fifty-seven percent (57%) of the stolen Ethereum was sold at a discount of 2.5% on three exchanges run by the North Korean government, with the remainder laundered through 51 overseas exchanges. Cryptocurrency exchanges in Switzerland had been storing some of the stolen Ethereum in the form of Bitcoin; 4.8 Bitcoin, valued at nearly 600 million won, were recovered by the South Korean authorities after four years of legal proceedings. 

The Bitcoins were returned to Upbit in October 2024 after a four-year legal procedure. Police are withholding details of the North Korean hacking operation's techniques to prevent copycat crimes, but emphasize that the operation was unprecedented in scope and sophistication. At the same time, the Financial Intelligence Unit (FIU) of the Republic of Korea is investigating Upbit's operations over possible non-compliance with KYC regulations.

Reports suggest that there were 500,000 to 600,000 cases in which the exchange failed to verify customer identity due to problems with identification documents and incomplete information provided by the customer. If regulators confirm these lapses, they may take action against the company. Through years of experience and ongoing research, the Lazarus Group and similar outfits have refined their methods for targeting prominent crypto platforms across the globe. 

An instance of the group's involvement was linked to the hacking of the Indian exchange WazirX, in which $230 million had been stolen. Even though international sanctions have been placed on the North Korean government and efforts have been made to shut down the country's operations, there is a persistent effort to exploit crypto vulnerabilities through various techniques. 

These groups are estimated to have stolen over $7 billion in crypto over the past seven years, a great deal of which was used to fund North Korea's nuclear weapons program. Andariel is another group of cybercriminals operating under the aegis of North Korea's Reconnaissance General Bureau, a subdivision of the notorious Lazarus Group known for its high level of sophistication. Beyond financial cyberattacks, Andariel is also known for hacking banks, ATMs, cryptocurrency platforms, and other online platforms. 

The group's operations in North Korea are considered a major part of the country’s illicit revenue generation efforts, with most of the activities focused on circumventing international sanctions. Using advanced malware and hacking techniques, the group has penetrated networks and stolen financial assets. In contrast to the Lazarus Group, which is recognized for its large-scale cyber campaigns often tied to political agendas, Andariel follows a more precise and profit-driven approach. 

Rather than pursuing widespread disruption or ideological objectives, Andariel focuses on carefully selected targets to maximize financial rewards. Their operations are characterized by calculated tactics designed to exploit specific weaknesses for economic gain. This differentiation underscores the varied methodologies employed by cyber actors, even within the same network, each aligning their activities to distinct priorities and outcomes.

Travel Platforms Criticized Over Data Policy Transparency

Hong Kong's privacy watchdog said in a report published on Monday that about one-third of online travel platforms do not state how long personal data will be retained. It urged operators to designate staff to monitor regulatory compliance and to make the most privacy-protective options the default. 

In a separate joint statement, Hong Kong's Privacy Commissioner for Personal Data and 15 international data protection authorities outlined measures to promote privacy on social media platforms, amid growing concern that user information is being collected to train artificial intelligence (AI) for use in consumer products. The Privacy Commissioner, Ada Chung Lai-ling, said on Saturday that alongside AI development, large-scale data collection from social media users was taking place, with the personal information of hundreds of thousands of users scraped and shared with external companies to build data sets for advertising. 

Several data privacy authorities around the globe are concerned about this practice, some of them pursuing legal action. According to Chung, it has become a global issue that also concerns privacy authorities in countries such as the United Kingdom, Canada, Mexico, and Spain. The 16 authorities, including Hong Kong's Privacy Commissioner for Personal Data, signed the joint statement on Tuesday, setting out global expectations for data protection that organizations are expected to meet. 

In its Monday announcement, the Office of the Privacy Commissioner for Personal Data said it had reviewed 10 online travel platforms and found that two operators indicated that users' data could be used in AI-powered services. The review also aims to help residents understand how these platforms secure their data, by examining how easily privacy policies can be found and how the user interface is designed, so that consumers are better able to protect their personal information when ordering travel products online. 

Ten platforms, assessed through both their websites and their mobile applications, were reviewed between February and October. Only five included sections on data retention in their privacy policies, namely Agoda, EGL Tours, Expedia, Trip.com, and WWPKG; the others did not. 

The watchdog commended Expedia for setting clear time limits and conditions for retaining user data and for acting proactively, an approach it believes other companies should learn from. When contacted by the office, two of the platforms, Goldjoy Holidays and Wing On Travel, confirmed that they had since added data retention clauses to their privacy policies. Miramar Travel, Sunflower Travel, and Travel Expert, however, had not yet provided such information to customers. According to the review, both Expedia and Agoda clearly state that they use AI to enhance their services, which may include the collection and use of personal information. 

Expedia states that it uses such data to provide customers with destination recommendations, price comparisons and other features described in its policy. The UK's Information Commissioner's Office raised a similar concern in September about one company's collection of British users' data, after which that company suspended the collection. According to Chung, the measures and principles outlined in the joint statement apply globally, and it is for each jurisdiction's legal authorities to enforce them. The watchdog is also reported to be investigating a platform outside Hong Kong's jurisdiction that is suspected of violating the Personal Data (Privacy) Ordinance. 

She did not, however, go into much detail about this case. According to the watchdog, even though some platforms still lack sections on data retention, all of them provided their privacy policies to users and explained why user information was collected and what it was used for. The operators also disclosed that several third parties, including airlines and insurance companies, may receive customer data. The review report found that all the platforms tracked users' activities, collecting data such as location information and browsing histories, and obtained users' consent for direct marketing. 

The office recommends that the platforms implement a personal data privacy management program and appoint a data protection officer to monitor compliance with privacy regulations regularly. The report also recommends that companies adopt the privacy-by-design principle, which entails setting the most protective option as the default, and that they disclose in their policies whether AI is used in processing personal information. 

Travel policies are considered by only 8% of travellers before accepting a new job, but they play an important role in whether those employees stay with the company or leave. Travellers' perceptions of the impact on their job tenure vary significantly across regions, with nearly half of those in APAC saying it has an impact, compared with 27% in EMEA and 21% in North America. Tailoring policies to regional needs may improve both employee retention and compliance. 

Chung noted that data breaches are another challenge global privacy authorities have to deal with. She said the agency had tracked 155 breach reports in the first three quarters of the year, compared with 157 reports last year. A recent data breach at the South China Athletic Association compromised the personal information of over 70,000 individuals, following a similar cyberattack on the charity Oxfam in August that exposed sensitive data of more than 470,000 people. 

Chung commented on the growing prevalence of such breaches, noting that they have become an expected challenge in today's digital age. She emphasized that while data breaches are increasingly common, they serve as critical reminders for organizations in both the public and private sectors to prioritize robust data and privacy safeguards. Each reported breach, she added, contributes to broader awareness among businesses and institutions, and should prompt them to take proactive steps to strengthen their cybersecurity measures. 

These incidents underscore the pressing need for organizations to adopt advanced security protocols and maintain strict vigilance in managing personal and sensitive data. As threats continue to evolve, the collective effort to safeguard digital infrastructure remains paramount.

Amazon and Audible Face Scrutiny Amid Questionable Content Surge

Amazon's audio platforms, Amazon Music and Audible, have been inundated with bogus listings that try to trick customers into clicking through to dubious "forex trading" sites, Telegram channels, and suspicious links claiming to offer pirated software. Abuse of Spotify playlists and podcasts to promote pirated software, video game cheat codes, spam links, and "warez" websites is becoming increasingly common. 

Because Spotify web player pages are indexed by search engines such as Google, threat actors inject targeted keywords and links into the titles and descriptions of playlists and podcasts to boost the SEO of their dubious online properties. The listings consist of playlist names, podcast titles and descriptions, and bogus "episodes" that encourage listeners to visit external links, which may lead to malware or scams. 

A significant number of threat actors also exploit Google's Looker Studio (formerly Google Data Studio) to boost the search engine ranking of illicit websites that promote spam, torrents, and pirated content. According to BleepingComputer, one method used in this SEO poisoning is to host the content on Google's datastudio.google.com subdomain, which lends apparent credibility to the malicious link. 

Aside from mass email spam campaigns, spammers are also using Audible podcasts as another channel for promoting their illicit activities. Any digital platform that is open to the public can be spammed, and none is immune. What is notable in the Spotify and Amazon cases is that one would instinctively assume the overhead of podcasting and digital music distribution would deter spammers, who would otherwise turn to low-hanging fruit such as spammy social media posts or YouTube videos with misleading descriptions. 

The most recent instance was a Spotify playlist entitled "Sony Vegas Pro 13 Crack...", which appeared to drive traffic to several "free" software sites listed in the title and description of the playlist. Karol Paciorek, a cybersecurity enthusiast who spotted the playlist, said: "Cybercriminals exploit Spotify for malware distribution because Spotify has become a prominent tool for distributing malware. Why? Because Spotify's tracks and pages are easily indexed by search engines, making it a popular location for creating malicious links." 

Looker Studio (formerly Google Data Studio) is Google's web-based business intelligence tool, which lets users build customizable reports and dashboards to visualize and analyze their data. It has, for example, been used to track and visualize the download counts of open source packages over a period such as four weeks. There are many legitimate business uses for Looker Studio, but like any other web service it can be misused by malicious actors to host questionable content or to manipulate search engine results for illicit URLs. 

Recent SEO poisoning campaigns have been seen targeting keywords related to the U.S. midterm election, as well as pushing malicious Zoom, TeamViewer, and Visual Studio installers. Before publishing its article, BleepingComputer reached out to Google to learn how it plans to address the abuse.

Firstory, launched in 2019, is a service that lets podcasters distribute their shows globally and connect with audiences. It publishes podcasts to Spotify, and it acknowledges that spam is an ongoing issue it is increasingly working to curtail. 

Spam accounts and misleading content remain persistent challenges for digital platforms, according to Stanley Yu, co-founder of Firstory, in a statement provided to BleepingComputer. Yu emphasized that addressing these issues is an ongoing priority for the company. To tackle the growing threat of unauthorized and spammy content, Firstory has implemented a multifaceted approach. This includes active collaboration with major streaming platforms to detect and remove infringing material swiftly. 

The company has also developed and employed advanced technologies to scan podcast titles and show notes for specific keywords associated with spam, ensuring early identification and mitigation of potential violations. Furthermore, Firstory proactively monitors and blocks suspicious email addresses commonly used by malicious actors to infiltrate and disrupt digital ecosystems. By integrating technology-driven solutions with strategic partnerships, Firstory aims to set a higher standard for content integrity across platforms. 
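The keyword scanning that Firstory describes can be sketched as a handful of rules. The block below is an added example written for this article, not Firstory's, Spotify's or Amazon's code: the listings are constructed, and the term list, the redirector hosts and the spam threshold are assumptions that a real deployment would tune against its own data. It scores a listing on warez and scam vocabulary, on links to Telegram and URL shorteners (the hosts that cannot be blocklisted without collateral damage), and on titles that read as keyword stuffing rather than a show name.

```python
import re
from urllib.parse import urlsplit

# Constructed sample listings for the example; not real Spotify or Audible entries.
LISTINGS = [
    {"title": "Sony Vegas Pro 13 Crack Free Download 2024 Full Version",
     "description": "Working keygen + serial key here: https://bit.ly/vegas13crk "
                    "Join our telegram t.me/freewarezhub for more cracked software"},
    {"title": "Best Forex Signals Daily Profit",
     "description": "Guaranteed profit! VIP group https://forex-vip.example/join"},
    {"title": "Episode 42: Threat Modelling for Small Teams",
     "description": "We talk through STRIDE and data-flow diagrams. Show notes at "
                    "https://podcast.example/ep42"},
]

# Vocabulary that signals warez or scam promotion rather than an audio show (assumed list).
WAREZ_RE = re.compile(
    r"\b(crack(ed)?|keygen|serial key|full version|free download|warez|torrent|"
    r"cheat codes?|forex signals?|guaranteed profit)\b", re.I)
# Links with a scheme, plus bare messaging/shortener links that spammers paste without one.
URL_RE = re.compile(r"(?:https?://|(?<![\w.])(?:t\.me|telegram\.me|bit\.ly|tinyurl\.com)/)\S+", re.I)
REDIRECT_HOSTS = {"t.me", "telegram.me", "bit.ly", "tinyurl.com", "cutt.ly"}


def extract_links(text):
    """Return the lower-cased hostname of every link found in the text."""
    hosts = []
    for m in URL_RE.finditer(text):
        raw = m.group(0)
        if not raw.lower().startswith("http"):
            raw = "https://" + raw          # give bare t.me/... links a scheme so urlsplit parses them
        host = urlsplit(raw).hostname
        if host:
            hosts.append(host.lower())
    return hosts


def score_listing(listing):
    """Apply each rule, accumulating points and a reason; a score of 3 or more is treated as spam."""
    title, desc = listing["title"], listing["description"]
    reasons, score = [], 0

    title_hits = {m.group(0).lower() for m in WAREZ_RE.finditer(title)}
    if title_hits:
        score += 2 if len(title_hits) >= 2 else 1
        reasons.append(f"warez/scam terms in title: {sorted(title_hits)}")

    desc_hits = {m.group(0).lower() for m in WAREZ_RE.finditer(desc)}
    if desc_hits:
        score += 1
        reasons.append(f"warez/scam terms in description: {sorted(desc_hits)}")

    hosts = extract_links(title + " " + desc)
    redirectors = [h for h in hosts if h in REDIRECT_HOSTS]
    if redirectors:
        score += 2
        reasons.append(f"redirector/messaging links: {redirectors}")
    external = [h for h in hosts if h not in REDIRECT_HOSTS]
    if external:
        score += 1                           # show-notes links are normal; only a weak signal on its own
        reasons.append(f"external links: {external}")

    # Keyword stuffing: a long title in which nearly every word is capitalised or a number.
    words = title.split()
    if len(words) >= 7 and sum(w[:1].isupper() or w.isdigit() for w in words) >= len(words) - 1:
        score += 1
        reasons.append("title reads as keyword stuffing")

    return {"title": title, "score": score, "spam": score >= 3, "reasons": reasons}


def triage(listings):
    """Split listings into (spam, clean) so a reviewer only looks at the flagged ones."""
    results = [score_listing(item) for item in listings]
    return [r for r in results if r["spam"]], [r for r in results if not r["spam"]]


if __name__ == "__main__":
    flagged, clean = triage(LISTINGS)
    for r in flagged:
        print(f"SPAM  score={r['score']}  {r['title']!r}  {r['reasons']}")
    for r in clean:
        print(f"clean score={r['score']}  {r['title']!r}")
```

Run against the constructed listings, the Vegas "crack" playlist and the forex channel are flagged while the threat-modelling episode, which also carries an external link, stays below the threshold. The point of the scoring structure is that no single rule decides: a genuine show with one shortener link in its notes is not banned, while a listing that combines warez vocabulary, a Telegram link and a stuffed title is.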

The company’s commitment reflects a broader industry imperative to protect users and maintain trust in an ever-expanding digital landscape. As digital platforms evolve, sustained vigilance and innovation will be essential to counter emerging threats and foster a safer, more reliable online environment.

Data Leak Reported Due to Power Pages Misconfiguration

Microsoft Power Pages is a low-code platform for building data-driven websites with little programming knowledge or experience. In both the public and private sectors, organizations large and small rely on it to collect and manage data from customers or citizens, for instance when they seek information or help with a problem. 

If these sites are not configured properly, however, they can leak sensitive information belonging to the organizations that run them. Cybersecurity researchers have described a class of exposure in Microsoft Power Pages that stems from misconfigured access controls within websites built on the platform. 

The misconfigurations resulted in millions of sensitive business records being exposed to unauthorized users, a serious security risk for the affected organizations. Power Pages is an application service based on the Power Platform; it offers developers a low-code way to build externally facing websites on Microsoft's infrastructure without much hand-written code. 

Power Pages enforces access control in layers. Permissions for a site can be configured at the site level (web roles), the table level (table permissions) and the column level (column permissions). When businesses misconfigure these settings, sensitive data can unintentionally be exposed to the public internet. Organizations can also expose more columns through the Web API than are necessary, increasing the application's attack surface. 

According to Aaron Costello, AppOmni's chief of SaaS security research, Power Pages users need to pay more attention to the product's security settings to ensure their information is protected, especially given its popularity: earlier this year Microsoft stated that websites built with Power Pages serve over 250 million users every month. AppOmni says its Insights feature now helps its Microsoft 365 customers detect these kinds of exposures and provides remediation guidance when they are found. 

To understand how these exposures arise, it helps to first understand the platform's RBAC model and how Power Pages sites are constructed. In contrast to traditional custom web development, Power Pages offers out-of-the-box (OOB) role-based access control (RBAC), Microsoft's Dataverse as the default database, and a drag-and-drop interface built from prebuilt components, which greatly reduces the need for custom code. 

Granting too many permissions to roles such as "Anonymous Users" (non-authenticated visitors) and "Authenticated Users" (any logged-in visitor) can expose an organization to data leaks it did not anticipate. Microsoft's customers can deploy these data-driven web applications easily, but if the applications are mismanaged from a security perspective the cost can be heavy. The exposed data consisted primarily of internal organizational records and sensitive personal information about both users inside the organization and members of the public who registered on the website. 


In most cases the exposed PII included full names, email addresses, phone numbers, and home addresses. In one case, a large shared business services provider to the NHS exposed the information of over 1.1 million NHS employees, including email addresses, telephone numbers, and even home addresses, without the employees' knowledge. 

In that case the findings were responsibly disclosed and have since been resolved. A lack of understanding of the access controls in Power Pages, together with insecure custom code, are the main causes of these data leaks. When excessive permissions are granted to unauthenticated users, anyone can extract records from the database through the Power Pages Web API, which is reachable from the public web. 

A Power Pages site also lets visitors create accounts and, once registered, authenticate to the APIs. External users can then be granted Global access for read operations, which covers every record in the table. The researchers found that the absence of column-level security could enable unauthorized individuals to read sensitive columns without restriction, and that administrators often fail to mask sensitive data with placeholder strings, compounding the exposure. 
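To make the permission model concrete, here is an added example, not AppOmni's or Microsoft's code, that audits a simplified representation of Power Pages table permissions. The TablePermission shape, the list of columns treated as sensitive and the severity rules are assumptions for the example; the weak configuration mirrors the pattern the research describes (Anonymous Users with Global read on a table whose e-mail and phone columns are exposed through the Web API), and the hardened one beside it shows the fix: a Self access type so a registered user reads only their own record, plus a column permission profile over the sensitive columns.

```python
from dataclasses import dataclass, field

# Built-in web roles that every Power Pages site has.
ANONYMOUS = "Anonymous Users"
AUTHENTICATED = "Authenticated Users"

# Columns the auditor treats as sensitive; an assumed list for this example.
SENSITIVE = {"emailaddress1", "telephone1", "address1_line1", "birthdate", "idnumber"}


@dataclass
class TablePermission:
    """Simplified model of one table permission record (assumed shape for the example)."""
    table: str            # Dataverse table, e.g. "contact"
    access_type: str      # Global, Contact, Account, Self or Parent
    privileges: set       # subset of {"Read", "Write", "Create", "Delete", "Append", "AppendTo"}
    web_roles: set        # web roles the permission is assigned to
    api_columns: set      # columns exposed through the Webapi/<table>/fields site setting
    protected: set = field(default_factory=set)  # columns covered by a column permission profile


def audit(permissions):
    """Flag permissions that let low-trust roles read or change data more broadly than needed."""
    findings = []
    for p in permissions:
        exposed = (p.api_columns & SENSITIVE) - p.protected
        broad = p.access_type == "Global"
        detail = f"; sensitive columns reachable: {sorted(exposed)}" if exposed else ""

        if "Read" in p.privileges and ANONYMOUS in p.web_roles:
            findings.append({
                "table": p.table,
                "severity": "critical" if broad or exposed else "high",
                "issue": "unauthenticated read" + (" of every record" if broad else "") + detail,
                "fix": "remove Anonymous Users from the permission or narrow the access type",
            })
        elif "Read" in p.privileges and AUTHENTICATED in p.web_roles and broad:
            fix = "use a Self, Contact or Account access type"
            if exposed:
                fix += "; add a column permission profile for " + ", ".join(sorted(exposed))
            findings.append({
                "table": p.table,
                "severity": "high" if exposed else "medium",
                "issue": "any self-registered account can read every record" + detail,
                "fix": fix,
            })

        if p.privileges & {"Write", "Create", "Delete"} and ANONYMOUS in p.web_roles:
            findings.append({
                "table": p.table, "severity": "critical",
                "issue": "unauthenticated users can modify records",
                "fix": "never grant write privileges to Anonymous Users",
            })
    return findings


# Weak configuration of the kind the research describes: anyone on the internet can page
# through every contact, and the Web API exposes the e-mail and phone columns.
WEAK = [
    TablePermission("contact", "Global", {"Read"}, {ANONYMOUS, AUTHENTICATED},
                    {"fullname", "emailaddress1", "telephone1"}),
]

# Hardened equivalent: a registered user can read only their own contact record, and the
# sensitive columns sit behind a column permission profile.
HARDENED = [
    TablePermission("contact", "Self", {"Read"}, {AUTHENTICATED},
                    {"fullname", "emailaddress1", "telephone1"},
                    protected={"emailaddress1", "telephone1"}),
]

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cfg) or "no findings")
```

The ordering of the checks matters: an anonymous-read finding is always reported ahead of the authenticated-read one because self-registration is open on these sites, so "Authenticated Users" is only marginally more trusted than "Anonymous Users", and a Global read for either role is the setting the warning banners Microsoft added are meant to catch.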

In response, Microsoft has implemented multiple safeguards within the backend of Power Pages and Power Platform Apps. These measures include warning banners across all Power Platform admin console pages, as well as prominent alerts and warning icons on the table permissions configuration page of Power Pages. These updates aim to help administrators identify and address potentially risky configurations. This incident underscores the importance of proactive security practices in safeguarding sensitive data. Organizations utilizing Power Pages are encouraged to review and strengthen their configurations to mitigate risks and enhance overall security.

Consumer Protection in Focus Amid Black Friday in South Africa

Black Friday offers go live on November 29, marking the start of the Christmas shopping season for many consumers. Scammers are widely expected to step up their activity in the coming days, which is all the more reason to recognize the signs of a fraudulent text or email. As the critical Black Friday and festive season periods approach, South Africa's retail industry is showing signs of resilience, according to the latest State of the Retail Nation report from NIQ South Africa. 

The report examines the industry's expectations for the upcoming period. Separately, Standard Bank has warned South Africans that scams are on the rise as Black Friday approaches, with criminals using increasingly persuasive tactics. Black Friday is estimated to have the potential to generate R88 billion of economic activity in South Africa in 2024. 

That figure comes from a research report by the Bureau of Market Research, commissioned by fintech Capital Connect, which projects that growing consumer interest in Black Friday sales in November 2024 will add R88 billion in economic value across South Africa's wholesale, retail, and fuel sectors. Retailers are expected to generate R22 billion in additional direct sales, with a further R28 billion in indirect economic impact; the wholesale sector is expected to gain R32.1 billion in additional sales, and fuel sales are expected to rise by R6.2 billion. 

As a result of the study, consumers seem to be more interested in Black Friday in 2024 than in the previous three years (2021-2023). The result of this is expected to push retail sales in November 2024 to a value of approximately R136 billion, up 17.3% when calculated in nominal terms from the R116.1 billion of retail sales recorded in November 2023. 

"The positive outlook for Black Friday 2024 suggests that the tide is turning for South African retailers after a long period of economic and retail stagnation," said Steven Heilbron, CEO of Capital Connect, part of Lesaka Technologies, a Nasdaq- and JSE-listed company. Several factors have contributed to the improved outlook, including a marked reduction in load-shedding, the introduction of the Two-Pot Retirement System, lower interest rates, and lower inflation. 

"Rising consumer confidence will give an advantage to innovative retailers with the right product mix and promotions," he added. In this year's challenging retail climate, Black Friday sales will provide a welcome boost to retailers who have struggled. The formal retail sector, however, is predicted to show real growth of only 1.4% in 2024, with an increase of just 0.6%. A Standard Bank study found that scams are most widespread in Gauteng, where 38% of cases were reported, followed by KwaZulu-Natal with 18% and the Western Cape with 15%. 

Standard Bank's Rathogwa said the bank has noticed some concerning trends around Black Friday, including a rise in social media fraud that has become particularly persuasive. Deceptive emails purporting to come from legitimate companies such as retailers, streaming services, and banks remain a significant threat. Many contain links to fake websites designed to harvest sensitive information such as login details and passwords. 

Scammers also use lures to entice recipients into clicking links that are in fact malicious, for example by promising rewards to the first few buyers. Increasingly, fraudsters also use social media accounts to promote heavily discounted, and sometimes free, offers. A typical scheme: the scammer creates a Facebook page, builds a following, and posts fake reviews to entice the public to buy.

Once an interested buyer engages, the conversation moves to WhatsApp to discuss the buyer's bank details, courier arrangements, and so on. After the victim pays and sends proof of payment, the seller's social media pages and phone numbers disappear from the Internet. Whenever a deal seems too good to be true, it most likely is, and buyers should be wary of anyone pressuring them to make a quick payment to secure a deal. Rathogwa also warned customers to watch out for fake websites that often look exactly like those of legitimate retailers. 

To protect against Black Friday scams, experts advise consumers to take several precautions while shopping online or in-store. Shoppers should confirm the authenticity of a purchase before proceeding by buying only from trusted and verified sources. Carefully reviewing transaction details and ensuring that any One-Time Pin (OTP) generated corresponds to the specific transaction is critical. Verifying beneficiary account details before making electronic transfers is also recommended, with tools such as Standard Bank’s Account Verification Service offering an added layer of security. 

It is equally important for individuals to manage the security of their devices. Any unused, sold, lost, or stolen devices should be delinked from online banking profiles immediately, and banks should be notified without delay if a device is misplaced. Furthermore, shoppers are encouraged to report any suspicious activity to their financial institutions. 

Rathogwa emphasizes the importance of scrutinizing web addresses for typos or subtle alterations, as scammers frequently create fraudulent websites that mimic legitimate retailers. Such vigilance can help safeguard personal and financial information during the shopping season.
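Checking a web address by eye is unreliable, because the alterations scammers rely on (a digit for a letter, an accented or Cyrillic character, or the real brand pushed into a subdomain of an unrelated site) are exactly the ones a shopper skims past. The block below is an added example, not Standard Bank's tooling, that performs the same scrutiny mechanically. The allowlist of retailer and bank domains, the short public-suffix list and the confusable-character table are assumptions for the example; a real deployment would use the Public Suffix List and a full Unicode confusables table.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumed allowlist of domains a shopper expects to deal with (example only).
KNOWN_DOMAINS = {"takealot.com", "standardbank.co.za", "makro.co.za"}
# Two-label public suffixes relevant here (a small assumed list, not the full Public Suffix List).
MULTI_PART_SUFFIXES = {"co.za", "org.za", "gov.za", "co.uk"}
# Characters and pairs that read as another letter at a glance, including Cyrillic a, o, e.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"),
               ("7", "t"), ("8", "b"), ("\u0430", "a"), ("\u043e", "o"), ("\u0435", "e")]


def levenshtein(a, b):
    """Edit distance between two strings (plain dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def canonical_host(host):
    """Decode punycode and strip accents so 'standardbänk' compares as 'standardbank'."""
    try:
        host = host.encode("ascii").decode("idna")   # xn--... -> Unicode
    except UnicodeError:
        pass                                          # already Unicode, leave it
    host = unicodedata.normalize("NFKD", host)
    return "".join(ch for ch in host if not unicodedata.combining(ch))


def skeleton(s):
    """Collapse confusable characters so 'takea1ot' and 'takealot' compare equal."""
    for a, b in CONFUSABLES:
        s = s.replace(a, b)
    return s


def registrable(host):
    """The part somebody actually registered: 'shop.takealot.com' -> 'takealot.com'."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_PART_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_url(url):
    """Classify a URL as ok, brand-in-subdomain, lookalike or unknown against the allowlist."""
    raw = (urlsplit(url).hostname or "").lower().rstrip(".")
    if registrable(raw) in KNOWN_DOMAINS:
        return {"host": raw, "verdict": "ok", "matches": registrable(raw)}

    canon = canonical_host(raw)
    reg = registrable(canon)
    subdomain_labels = canon.split(".")[:-len(reg.split("."))]
    # takealot.com.secure-login.net: the brand is only a subdomain of someone else's domain.
    for known in sorted(KNOWN_DOMAINS):
        if known.split(".")[0] in subdomain_labels:
            return {"host": raw, "verdict": "brand-in-subdomain", "matches": known}

    # Otherwise compare the registrable part, after confusable folding, against each known domain.
    best = min(sorted(KNOWN_DOMAINS), key=lambda k: levenshtein(skeleton(reg), skeleton(k)))
    distance = levenshtein(skeleton(reg), skeleton(best))
    if distance <= 1:
        return {"host": raw, "verdict": "lookalike", "matches": best, "distance": distance}
    return {"host": raw, "verdict": "unknown", "matches": None}


if __name__ == "__main__":
    for u in ("https://www.takealot.com/deals", "https://takea1ot.com/black-friday",
              "http://takealot.com.secure-login.net/", "https://standardbänk.co.za/login"):
        print(u, "->", check_url(u))
```

The exact-match test is deliberately run on the raw hostname before any normalisation: "standardbänk.co.za" must not be accepted merely because it normalises to the genuine domain. A "lookalike" verdict with distance 0 is therefore the strongest signal the checker produces, since it means the only difference from the real site is a character chosen to be invisible to the reader.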

Reboot Revolution Protecting iPhone Users

Researchers at the University of Michigan believe that Apple's new iPhone software includes a novel security feature: the phone automatically reboots if it has not been unlocked for 72 hours. 

As 404 Media later reported, iOS 18.1 introduced an "inactivity reboot" that forces a device to restart after it has been locked for longer than a set period. Alongside inactivity reboot, Apple continues to add security features. Stolen Device Protection, introduced in iOS 17.3, protects a stolen device by requiring biometric authentication (Face ID or Touch ID) before key settings can be changed. 

This extra layer is one of several measures that make a stolen device hard to reconfigure. Stolen Device Protection remains off by default, reportedly to avoid confusing users, but with the upcoming iOS 18.2 update Apple plans to prompt users to enable it when setting up a device or after a factory reset. 

This gives users more control over how their personal information is protected. Apple has quietly introduced a feature in its latest iPhone update that makes it even harder for anyone, thief or law enforcement officer, to unlock a device without consent. With iOS 18.1, an iPhone that has been locked and idle for an extended period will automatically reboot. 

Once rebooted, an iPhone is considerably harder to break into, since the passcode must be entered before biometrics or most data become available again. The primary objective of the measure is to prevent thieves (or police officers) from getting into the phone and accessing its data. Experts who spoke to 404 Media initially described the inactivity reboot in iOS 18 as restarting the device after approximately four days of dormancy.

Magnet Forensics' Christopher Vance confirmed this in a law enforcement group chat, writing that iOS 18.1 has a timer that, when it runs out, reboots the device, moving it from an AFU (After First Unlock) state to a BFU (Before First Unlock) state. According to 404 Media, the behaviour came to light when officers from the Detroit Police Department encountered it while working on evidence in Detroit, Michigan.

While working on iPhones for forensic purposes, the officers noticed that the devices frequently rebooted themselves, making them harder to unlock and access. Their working theory was that the phones rebooted after being disconnected from a cellular network for some time. 

There is, however, a simpler explanation. The feature, which AppleInsider calls an inactivity reboot, does not depend on network connectivity or battery state. The reboot simply occurs after a set amount of time has elapsed, reported at the time as around 96 hours. In effect the timer works much like a Mac's hibernation mode, which puts the computer into a safe state as a precaution against a power outage or a suddenly discharged battery. 

In the BFU state, user data on the iPhone is encrypted and the keys needed to read most of it are not held in memory, so it is nearly impossible for anyone to access without the user's passcode. In the AFU state, by contrast, those keys remain in memory, so some device forensic tools can extract certain data even while the phone is locked. 

Tihmstar, an iPhone security researcher, told TechCrunch that the two states are informally known as "hot" and "cold" devices. Most forensic firms focus on "hot" devices in the AFU state, because the user has at some point entered the correct passcode into the iPhone's secure enclave. A "cold" device is considerably harder to compromise because its memory cannot be easily accessed once the device restarts.

The law enforcement community has consistently opposed new security measures from Apple, arguing that they make investigations harder. In 2016 the FBI went to court seeking to compel Apple to help it bypass the protections on a phone owned by a mass shooter; Azimuth Security, an Australian firm, ultimately helped the FBI gain access to the phone. 

These developments highlight Apple’s ongoing commitment to prioritizing user privacy and data security, even as such measures draw criticism from law enforcement agencies. By introducing features like Inactivity Reboot and Stolen Data Protection, Apple continues to establish itself as a leader in safeguarding personal information against unauthorized access. 

These innovations underscore the broader debate between privacy advocates and authorities over the balance between individual rights and security imperatives in an increasingly digitized world.

Reimagining Healthcare with Synthetic Data

Generative AI has been promoted mainly for uses such as personalized shopping experiences and content creation. Yet it is also having a very real impact on fields such as healthcare, where a tectonic shift is under way as technology is adopted and data-driven systems are integrated. 

A trend worth following in this revolution is the burgeoning use of synthetic data, an advance poised to reshape how medical research is conducted, how AI is developed, and how patient privacy is protected in the coming years. Synthetic data stands in relation to real-world data much as synthetic fibre stands in relation to natural fibres such as hemp: throughout history, humans have created synthetic substitutes to achieve their goals and to develop new products that improve our lives. 

It's widely known that synthetic fiber is used in clothing, rope, industrial equipment, automobiles, and many other places. It is because of the ability to create synthetic fiber that a wide range of products can be created that are needed in modern life. Healthcare is another area where synthetic data can have an impact similar to that of traditional data. Synthetic data is created based on real-world data using a data synthesizer. 

These synthesizers may leverage different methods to create synthetic data that have the same statistical and correlative properties as the original data; however, they are completely independent from the real-world data (1, 2). Notably, synthetic data do not contain any personal identifying information which ensures personal privacy and full compliance with privacy regulations such as the EU’s General Data Protection Regulation (GDPR). 

The use of high-fidelity synthetic data for data augmentation is an area of growing interest in data science, generating virtual patient cohorts, such as digital twins, to estimate counterfactuals in silico trials, allowing for better prediction of treatment outcomes and personalised medicine. Synthetic data allows clinicians to use prompts to generate a conversation between a patient with depression and a therapist where they are discussing the onset of symptoms. 

Healthcare providers can also use partially synthetic data, which takes a real-life transcript and has AI adjust it to remove personally identifiable information or private health information, while still telling a cohesive story. This data can then be used to train AI models to develop transcripts, training materials and so on. Regardless of whether the data is fully or partially synthetic, the data can (and often is) adjusted as needed with additional prompts until it reaches the desired result. Healthcare is subjected to a variety of privacy rules through HIPAA. 

Eliminating these privacy concerns is a primary reason Read feels synthetic data is valuable in training models. With synthetic data, healthcare providers don’t need to use real people’s data to train models. Instead, they can generate a conversation that is representative of a specific therapeutic intervention without involving anyone’s protected health information. As Read explains, “Synthetic data also makes it easy to calibrate what we’re looking for — like to generate different examples of how a healthcare provider could say something explicitly or implicitly. This makes it easier to provide different examples and tighten up the information we provide to AI models to learn from, ensuring that we can teach it the right data for providing training or feedback to real-world clinicians.” 

Synthetic data also democratizes the ability of different healthcare organizations to train and fine-tune their own machine learning models. Whereas previously, an organization might need to provide hundreds (or even thousands) of hours of transcribed sessions between patients and clinicians as well as other data points, synthetic data erases this barrier to entry. Synthetic data allows for models to learn and build out responses at a much faster rate — which also makes it easier for new players in healthcare to enter the field. 

As Read’s insights reveal, the use of AI and synthetic data isn’t going to replace clinicians’ value or decision-making authority. But with the help of synthetic data, AI can help push clinicians in the right direction to ensure that there is greater standardization and adherence to best practices. As more providers begin to utilize synthetic data to ensure they are following best practices in all patient interactions and to get feedback on their sessions, they can elevate the quality of care for all. Synthetic data could thus have an impact on healthcare similar to that of traditional data. 

With the help of a data synthesizer, it is possible to create synthetic data based on real-world data. These synthesizers can use different methods to produce synthetic data that share the statistical and correlative properties of the original data while remaining completely independent of it (1, 2). A distinctive feature of synthetic data is the absence of any personal identifying information, which protects the privacy of the individuals in the original data and complies with privacy regulations such as the European Union's General Data Protection Regulation (GDPR). 
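To make the synthesizer description above concrete, here is an added toy example (not code from the article or from any vendor it mentions). It fits a multivariate Gaussian to a constructed, already de-identified patient table, samples a new cohort, and then runs the two checks a practitioner would want: that the age/blood-pressure correlation survives in the synthetic cohort, and that no real row or identifier is carried across. The cohort itself, its column names and the MRN-style identifiers are all made up for the example.

```python
"""Toy Gaussian data synthesizer, added as an illustration (not from the article).

It fits a multivariate Gaussian to a de-identified cohort and samples a new
cohort that preserves the means and the correlation structure of the original
while containing none of its rows or identifiers.
"""
import math
import random


def make_constructed_cohort(n=400, seed=1):
    """Constructed stand-in for a real patient table (these are NOT real
    records). Columns: patient_id, age_years, systolic_bp, hba1c."""
    rng = random.Random(seed)
    rows = []
    for i in range(n):
        age = rng.gauss(50, 12)
        bp = 90 + 0.8 * age + rng.gauss(0, 8)          # blood pressure rises with age
        hba1c = 4.0 + 0.03 * age + rng.gauss(0, 0.5)   # HbA1c rises with age
        rows.append((f"MRN-{i:04d}", age, bp, hba1c))
    return rows


def strip_identifiers(rows):
    """Drop the direct identifier column before any modelling happens."""
    return [list(r[1:]) for r in rows]


def mean_and_cov(rows):
    """Sample mean vector and covariance matrix of a list of numeric rows."""
    n, d = len(rows), len(rows[0])
    means = [sum(r[k] for r in rows) / n for k in range(d)]
    cov = [[sum((r[i] - means[i]) * (r[j] - means[j]) for r in rows) / (n - 1)
            for j in range(d)] for i in range(d)]
    return means, cov


def cholesky(a):
    """Lower-triangular L with L * L^T == a (a must be positive definite)."""
    n = len(a)
    low = [[0.0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1):
            s = sum(low[i][k] * low[j][k] for k in range(j))
            if i == j:
                low[i][j] = math.sqrt(a[i][i] - s)
            else:
                low[i][j] = (a[i][j] - s) / low[j][j]
    return low


def correlation(cov, i, j):
    """Pearson correlation of columns i and j from a covariance matrix."""
    return cov[i][j] / math.sqrt(cov[i][i] * cov[j][j])


class GaussianSynthesizer:
    """Learns (mean, covariance) from real rows; samples fresh rows."""

    def fit(self, rows):
        self.means, self.cov = mean_and_cov(rows)
        self.chol = cholesky(self.cov)
        return self

    def sample(self, n, seed=2):
        rng = random.Random(seed)
        d = len(self.means)
        out = []
        for i in range(n):
            z = [rng.gauss(0, 1) for _ in range(d)]
            # x = mean + L z is a draw with the fitted covariance
            x = [self.means[r] + sum(self.chol[r][k] * z[k] for k in range(r + 1))
                 for r in range(d)]
            out.append([f"SYN-{i:04d}"] + x)   # new, meaningless identifiers
        return out


def synthesize_and_check(n_synthetic=2000):
    """Fit on the constructed cohort, sample, and report fidelity/privacy checks."""
    real = make_constructed_cohort()
    model = GaussianSynthesizer().fit(strip_identifiers(real))
    synth = model.sample(n_synthetic)
    _, synth_cov = mean_and_cov([r[1:] for r in synth])
    real_rows = {tuple(r[1:]) for r in real}
    return {
        "real_corr_age_bp": correlation(model.cov, 0, 1),
        "synth_corr_age_bp": correlation(synth_cov, 0, 1),
        "rows_copied_from_real": sum(tuple(r[1:]) in real_rows for r in synth),
        "real_ids_present": any(r[0].startswith("MRN-") for r in synth),
    }


if __name__ == "__main__":
    print(synthesize_and_check())
```

A Gaussian fit is the simplest possible synthesizer; production tools use richer models (copulas, GANs, tabular diffusion), but the validation steps are the same: compare summary statistics between the two cohorts and check for copied or near-copied records before the data leaves the controlled environment.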

Interest in using high-fidelity synthetic data for data augmentation is growing in data science. Digital twins and virtual patient cohorts are used to estimate counterfactuals in in-silico trials, allowing better prediction of treatment outcomes and treatments tailored to individual patients. With synthetic data, clinicians can use prompts to generate a conversation between a patient with depression and a therapist that shows how the patient's symptoms began. 

Healthcare providers can also use partially synthetic data: a real-life transcript that AI has processed to remove any personally identifiable information or private health information while still telling a coherent story. This data can then be used to develop the transcripts, training materials and other resources that are needed. Whether the data is fully or partially synthetic, it can (and often is) adjusted as necessary with additional prompts until it reaches the desired result. 
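The partially synthetic workflow described above starts with de-identification. Below is an added example of that step (not the article's or any product's code) on a constructed, fictional transcript: direct identifiers are swapped for placeholder tokens, the same name always becomes the same token so the story stays coherent, and a post-check looks for anything that still looks like an identifier. The name list and the MRN, date and phone formats are assumptions for the example.

```python
"""Consistent de-identification of a session transcript, added here as an
illustration (not from the article). Direct identifiers are replaced with
placeholder tokens; the same identifier always maps to the same token so the
transcript still reads as one coherent story."""
import re

# Constructed transcript (fictional names, numbers and dates).
CONSTRUCTED_TRANSCRIPT = (
    "Therapist: Good morning, Maria. How have things been since 03/12/2024?\n"
    "Patient: Honestly, Dr. Alvarez, the low mood started after my sister Elena moved away.\n"
    "Therapist: Your chart (MRN-48213) lists 555-201-4477 for check-ins. Still right, Maria?\n"
    "Patient: Yes. Elena calls me on that number too."
)
KNOWN_NAMES = ["Maria", "Alvarez", "Elena"]   # assumed to come from the chart

# Pattern-based direct identifiers (assumed formats; tune to the source system).
PHI_PATTERNS = [
    ("MRN", re.compile(r"\bMRN[- ]?\d{4,}\b")),
    ("DATE", re.compile(r"\b\d{1,2}/\d{1,2}/\d{2,4}\b")),
    ("PHONE", re.compile(r"\b\d{3}[-.]\d{3}[-.]\d{4}\b")),
]


def deidentify(transcript, known_names):
    """Return (redacted_text, mapping). The mapping records which token replaced
    which identifier so a reviewer can verify coverage; it is kept out of band."""
    mapping = {}

    def token(kind, value):
        key = (kind, value.lower())
        if key not in mapping:
            ordinal = sum(1 for k in mapping if k[0] == kind) + 1
            mapping[key] = f"[{kind}_{ordinal}]"
        return mapping[key]

    text = transcript
    # Longest names first so a short name is never matched inside a longer one.
    for name in sorted(known_names, key=lambda s: (-len(s), s)):
        text = re.sub(r"\b" + re.escape(name) + r"\b",
                      lambda m, n=name: token("NAME", n), text, flags=re.IGNORECASE)
    for kind, pattern in PHI_PATTERNS:
        text = pattern.sub(lambda m, k=kind: token(k, m.group(0)), text)
    return text, mapping


def residual_identifiers(text, known_names):
    """Post-check: anything that still looks like an identifier is a leak."""
    leaks = [n for n in known_names
             if re.search(r"\b" + re.escape(n) + r"\b", text, re.IGNORECASE)]
    leaks += [m.group(0) for _, p in PHI_PATTERNS for m in p.finditer(text)]
    return leaks


if __name__ == "__main__":
    redacted, table = deidentify(CONSTRUCTED_TRANSCRIPT, KNOWN_NAMES)
    print(redacted)
    print("leaks:", residual_identifiers(redacted, KNOWN_NAMES))
```

Pattern matching catches the structured identifiers; names need a list from the chart (or a proper named-entity step), and the residual check is what tells you that list was incomplete before the transcript is handed to a model.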

HIPAA is a federal law that imposes a variety of privacy rules on the healthcare industry. According to Read, synthetic data is useful in training models precisely because it can eliminate these privacy concerns. To train models on synthetic data, healthcare providers do not need to rely on real people's information. Instead, they can generate a conversation that represents a specific therapeutic intervention without involving anyone's protected health information. 

Moreover, Read explains, "Synthetic data also allows us to calibrate our search in a much easier way - like for example, generating examples of how a healthcare provider would be able to send an implicit or explicit message to an individual." Synthetic data also democratizes the ability of healthcare organizations of all kinds to train and refine their own artificial intelligence models. 


Previously, an organization might have needed to provide hundreds (or even thousands) of hours of transcribed sessions between patients and clinicians, along with other data points about those sessions, in order to offer such a service; with synthetic data, that is no longer required. Synthetic data also allows models to learn and develop responses at a much faster rate, making it easier for new players in healthcare to enter the field. 

In light of Read's insights, it is important to emphasize that AI and synthetic data are not going to replace clinicians' capabilities or their decision-making authority. By using synthetic data, however, AI can guide clinicians in the right direction to ensure that better standards of care are observed and that best practices are followed. As healthcare providers increasingly adopt synthetic data, they gain a valuable tool for adhering to best practices in patient interactions and enhancing the overall quality of care.

By leveraging synthetic data, practitioners can simulate various clinical scenarios, ensuring their approaches align with industry standards and ethical guidelines. This technology also enables providers to receive constructive feedback on their patient sessions, helping to identify areas for improvement and fostering continuous professional development. The integration of synthetic data into healthcare workflows not only supports more consistent and informed decision-making but also elevates the standard of care delivered to patients across diverse settings. By embracing synthetic data, providers can drive innovation, improve outcomes, and contribute to a more efficient and patient-centered healthcare ecosystem.

Volt Typhoon rebuilds malware botnet following FBI disruption

Botnet activity attributed to the Chinese threat group Volt Typhoon has recently risen again, using techniques and infrastructure similar to those the group used before. SecurityScorecard reports that the botnet has made a comeback and is active again. It was only in May 2023 that Microsoft disclosed that Volt Typhoon, which it linked to the Chinese government, was stealing data from critical infrastructure organizations in Guam; Microsoft reached this conclusion after observing the threat actor stealing data from critical infrastructure organizations on US territory. 

Since September, the Chinese state-backed cyber espionage operation Volt Typhoon has compromised several Cisco and Netgear routers to rebuild its KV-Botnet malware, which the FBI had disrupted and which the group unsuccessfully tried to revive in January, reports say. A report by Lumen Technologies' Black Lotus Labs released in December 2023 revealed that Volt Typhoon's botnet was mostly powered by outdated devices from Cisco, Netgear, and Fortinet. 

The botnet was used to transfer data covertly and communicate over unsecured networks. The US government recently announced that the Volt Typhoon botnet had been neutralized and would cease to operate. Leveraging the botnet's own C&C mechanisms, the FBI remotely removed the malware from the routers and reconfigured them so that the botnet could no longer reach them. 

Earlier this month, Volt Typhoon, which is widely believed to be sponsored by the Chinese state, began rebuilding its KV-Botnet malware botnet after a law enforcement operation disrupted it in January. Volt Typhoon is considered one of the most important cyberespionage threat groups and is believed to have infiltrated critical U.S. infrastructure, among other networks around the world, for at least the past five years. 

To accomplish their objectives, they hack into SOHO routers and networking devices, such as Netgear ProSAFE firewalls, Cisco RV320s, DrayTek Vigor routers, and Axis IP cameras, and install proprietary malware that establishes covert communication channels and proxies and maintains persistent access to targeted networks. 

The Volt Typhoon botnet was built from a large collection of Cisco and Netgear routers that were more than five years old and had reached end-of-life (EOL) status, and were therefore no longer receiving security updates. The attack began by infecting these devices with the KV Botnet malware and using them to hide the origin of follow-up attacks targeting critical national infrastructure (CNI) operations in the US and abroad. 

SecurityScorecard says that, nine months after the disruption, it has observed signs of Volt Typhoon returning, not only present again but also "more sophisticated and determined". As part of its investigation, SecurityScorecard's Strike Team has been poring over millions of data points collected from the organization's wider risk management infrastructure and has concluded that the group is now adapting and digging in afresh after licking its wounds in the wake of the takedown. 

In its findings, the Strike Team highlighted the growing danger that Volt Typhoon poses. To combat the spread of the botnet and its deepening tactics, governments and corporations urgently need to address weaknesses in legacy systems, public cloud infrastructures, and third-party networks, says Ryan Sherstobitoff, senior vice president of threat research and intelligence at SecurityScorecard. "Volt Typhoon is not only a botnet that has resilience, but it also serves as a warning computer virus. 

In the absence of decisive action, this silent threat could trigger a critical infrastructure crisis driven by unresolved vulnerabilities, leading to a critical infrastructure disaster." Volt Typhoon has recently set up new command servers on hosting services such as Digital Ocean, Quadranet, and Vultr to evade the authorities, and has registered fresh SSL certificates for the same purpose. 

The group has escalated its attacks by exploiting vulnerabilities in legacy Cisco RV320/325 and Netgear ProSafe routers. According to Sherstobitoff, even in the short period the operation has been under way, 30 per cent of the visible Cisco RV320/325 network equipment around the world has been compromised. According to SecurityScorecard, which has been monitoring this matter for BleepingComputer, the threat actors' choice of targets is likely based on geographical factors.

It seems the Volt Typhoon botnet will return to global operations soon; although it is nowhere near its previous size, it is unlikely that China's hackers will abandon their mission. As a preventative measure, older routers should be replaced with current models and placed behind firewalls. Remote access to admin panels should not be exposed to the internet, and the passwords of admin accounts should be changed, to reduce this threat. 

To prevent exploitation of known vulnerabilities, it is highly recommended that SOHO routers still supported by their vendor are used and that the latest firmware is installed as soon as it becomes available. The security firm has found similarities between previous Volt Typhoon campaigns and the new version of the botnet in its fundamental infrastructure and techniques. SecurityScorecard's analysis also found a vulnerable VPN remote access point on the small Pacific island of New Caledonia: although it had previously been taken down, researchers observed it being used once again to route traffic between the Asia-Pacific and American regions.
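The advice above comes down to two checks that can be automated from firewall logs. The following is an added example (not from the article or SecurityScorecard) over constructed log lines in a made-up key=value format, using RFC 5737 documentation addresses: it flags accepted connections from the WAN to a gateway's management ports, and accepted connections that the gateway itself initiates to anything other than an assumed allowlist of vendor hosts, since a router that starts talking to arbitrary internet hosts is exactly the behaviour a proxy botnet depends on. The gateway addresses, allowlist, port set and log format are all assumptions for the example.

```python
"""Added illustration (not from the article or SecurityScorecard): two simple
checks over firewall logs that follow the advice above, namely that a SOHO
gateway's admin interface must not be reachable from the WAN and that the
gateway itself should only talk to a short list of vendor hosts."""
import re
from ipaddress import ip_address, ip_network

# Constructed assumptions for one site (placeholders using RFC 5737
# documentation addresses): the gateway's own address, the vendor host a
# gateway may legitimately contact (firmware/NTP), and management ports.
GATEWAYS = {"198.51.100.2"}
ALLOWED_EGRESS = {"203.0.113.50"}        # placeholder update/NTP host
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]
ADMIN_PORTS = {22, 23, 80, 443, 8080, 8443}

# Constructed log lines in a simple key=value syslog style (not a vendor format).
SAMPLE_LOG = """\
2024-11-14T10:02:11Z fw: ACCEPT in=wan src=192.0.2.9 dst=198.51.100.2 proto=tcp dport=8080
2024-11-14T10:02:40Z fw: ACCEPT in=lan src=10.0.0.5 dst=192.0.2.77 proto=tcp dport=443
2024-11-14T10:03:02Z fw: ACCEPT in=self src=198.51.100.2 dst=203.0.113.50 proto=tcp dport=443
2024-11-14T10:03:15Z fw: ACCEPT in=self src=198.51.100.2 dst=192.0.2.77 proto=tcp dport=443
2024-11-14T10:03:30Z fw: ACCEPT in=self src=198.51.100.2 dst=10.0.0.5 proto=udp dport=53
2024-11-14T10:04:01Z fw: DROP in=wan src=192.0.2.9 dst=198.51.100.2 proto=tcp dport=22
2024-11-14T10:04:20Z fw: ACCEPT in=wan src=192.0.2.9 dst=198.51.100.2 proto=udp dport=51820
"""

LINE_RE = re.compile(
    r"(?P<ts>\S+) fw: (?P<action>ACCEPT|DROP) in=(?P<iface>\w+) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)"
)


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def is_internal(addr):
    """True for RFC 1918 space (the site's own LAN), which the gateway may talk to."""
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def analyze(log_text):
    """Return (rule, record) pairs for accepted flows that violate either check."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "ACCEPT":
            continue    # DROP lines are the firewall doing its job
        # Check 1: management port on the gateway reachable from the internet.
        if rec["iface"] == "wan" and rec["dst"] in GATEWAYS and rec["dport"] in ADMIN_PORTS:
            findings.append(("admin-panel-reachable-from-wan", rec))
        # Check 2: the gateway itself initiating traffic to an unexpected host.
        if (rec["src"] in GATEWAYS and rec["dst"] not in ALLOWED_EGRESS
                and not is_internal(rec["dst"])):
            findings.append(("gateway-unexpected-egress", rec))
    return findings


if __name__ == "__main__":
    for rule, rec in analyze(SAMPLE_LOG):
        print(rule, rec["ts"], rec["src"], "->", rec["dst"], rec["dport"])
```

Adjust GATEWAYS, ALLOWED_EGRESS and the regex to your own firewall's format. A hit on the first rule means an admin panel is exposed to the internet, which the article says should not happen; a hit on the second is worth correlating with the router's firmware version and EOL status before deciding whether the device should be replaced.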